SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of
trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with
a trust-store file containing one or several trusted certificates. The client
secure socket will reject the connection during the SSL session handshake if the target HTTPS
server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a trust-store file:

In special cases the standard trust verification process can be bypassed by using a custom
TrustStrategy. This interface is primarily intended for allowing self-signed
certificates to be accepted as trusted without having to add them to the trust-store file.

SSLSocketFactory will enable client authentication when supplied with
a key-store file containing a private key/public certificate
pair. The client secure socket will use the private key to authenticate
itself to the target HTTPS server during the SSL session handshake if
requested to do so by the server.
The target HTTPS server will in its turn verify the certificate presented
by the client in order to establish client's authenticity.

Method Detail

getSocketFactory

Obtains default SSL socket factory with an SSL context based on the standard JSSE
trust material (cacerts file in the security properties directory).
System properties are not taken into consideration.

prepareSocket

Performs any custom initialization for a newly created SSLSocket
(before the SSL handshake happens).
The default implementation is a no-op, but could be overridden to, e.g.,
call SSLSocket.setEnabledCipherSuites(String[]).